mirror of
https://github.com/inspec/inspec
synced 2024-12-18 09:03:12 +00:00
2de06bdeb5
Signed-off-by: Clinton Wolfe <clintoncwolfe@gmail.com>
57 lines
1.3 KiB
Text
57 lines
1.3 KiB
Text
---
|
|
title: About the security_policy Resource
|
|
platform: windows
|
|
---
|
|
|
|
# security_policy
|
|
|
|
Use the `security_policy` InSpec audit resource to test security policies on the Windows platform.
|
|
|
|
<br>
|
|
|
|
## Availability
|
|
|
|
### Installation
|
|
|
|
This resource is distributed along with InSpec itself. You can use it automatically.
|
|
|
|
### Version
|
|
|
|
This resource first became available in v1.0.0 of InSpec.
|
|
|
|
## Syntax
|
|
|
|
A `security_policy` resource block declares the name of a security policy and the value to be tested:
|
|
|
|
describe security_policy do
|
|
its('policy_name') { should eq 'value' }
|
|
end
|
|
|
|
where
|
|
|
|
* `'policy_name'` must specify a security policy
|
|
* `{ should eq 'value' }` tests the value of `policy_name` against the value declared in the test
|
|
|
|
<br>
|
|
|
|
## Examples
|
|
|
|
The following examples show how to use this InSpec audit resource.
|
|
|
|
### Verify that only the Administrators group has remote access
|
|
|
|
describe security_policy do
|
|
its('SeRemoteInteractiveLogonRight') { should eq '*S-1-5-32-544' }
|
|
end
|
|
|
|
<br>
|
|
|
|
## Matchers
|
|
|
|
For a full list of available matchers, please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
|
|
|
|
### policy_name
|
|
|
|
The `policy_name` matcher must be the name of a security policy:
|
|
|
|
its('SeNetworkLogonRight') { should eq '*S-1-5-11' }
|